Consent for personal data to be stored and used is the focus of data protection laws, such as the EU’s GDPR. But this isn’t the only aspect with which web owners should be compliant. What about letting users know about ‘tracking code’ that your website might place on their own devices and computers?
These clever markers are called ‘Cookies’, but what’s their real purpose? There are three main reasons:
1) Cookie code can make returning to a website more straightforward. Users no longer have to enter a password, or repeat details that have been entered into a booking system, for instance.
2) Cookies may be imposed by ‘captcha’ systems to allow a website to remember that the user is ‘not a robot’
3) Cookies can help website owners track visitors to analyse where they are from, their demographic, whether they have come to the website in response to a social media post, what kind of device they are using, and so on.
The law says that although the data gathered by such cookies is generally not personalized, users must be able to choose for themselves whether they agree to cookies or not. Consent cannot be assumed; the choice – yes or no – must be explicit. And that choice must be part of the data that is recorded.
All of this has greatly increased the number of annoying pop-up windows in today’s websites. As well as age-lockouts (‘are you over 18?’) and pay-walls (‘have you paid to see this webpage?’), there are multiple flavours of privacy permission forms. ‘Do you consent to receiving marketing or advertising?’ ‘Do you consent to your data being retained by the web owner?’ And ‘Are you OK with cookies on your computer?’